1. Field of the Invention
The present invention relates to a web-based traceback system and method using reverse caching proxy, and more particularly, to a web-based traceback system and method using reverse caching proxy, which can effectively track down an illegitimate user who attempts to access a web server using anonymous proxy to hide his/her network information.
The present invention is based on research (Project No.: 2007-S-022-022, Project Title: Development of Intelligent Cyber Attack Monitoring and Tracking System for use in All-IP environment) conducted as part of Information Technology (IT) Growth Power Technology Development Project launched by Ministry of Information and Communication and Institute for Information Technology Advancement (IITA).
2. Description of the Related Art
Conventional firewalls and conventional intrusion detection systems obtain the source and target addresses of a network packet by analyzing the header of the network packet, and determine the access path of a user. Therefore, illegitimate users may attempt to access a web server or other network equipment through an anonymous server in order to hide their network information (e.g., internet protocol (IP) addresses). Anonymous server may cache web pages desired by users and may provide the cached web pages to users on behalf of web servers. Anonymous servers are supposed to distribute network traffic, but nowadays are being misused to intrude web servers.
Hypertext transfer protocol (HTTP) packets include a source internet protocol (IP) address and a target IP address. If a user attempts to access a web server through an anonymous server, the anonymous server may become the source IP address of an HTTP packet sent by the user. Therefore, it is difficult for conventional firewall and intrusion detection systems to locate illegitimate users who attempt to access a web server through an anonymous server.
Intrusion detection systems may acquire information regarding illegitimate users from an anonymous server used by the illegitimate users in order to track down the illegitimate users. However, it generally takes a considerable amount of time and effort to search through anonymous servers. In addition, it is very difficult to track down illegitimate users especially when the illegitimate users attempt to access a web server through more than one anonymous server.
In order to address these problems, Java applet- or ActiveX-based backtrack techniques have been suggested. However, such Java applet- or ActiveX-based backtrack techniques may not be able to properly track down illegitimate users who block popup windows with the use of their web browsers or use security programs.
In the meantime, Korean Patent Registration No. 10-0577829 discloses a traceback system, which can be executed in a web browser of a user and can thus locate the user, and an operating method of the traceback system. The patented system and method, however, require the modification of hypertext markup language (HTML) source code to be provided to a client and require communication involving the use of a moving image media protocol.